An investigation of negative authentication systems

Abstract

This work explores a new concept in user authentication to improve security on login process. Most authentication systems use some form Positive Identification (PI) to identify legitimate users. Specifically, these systems use a password profile containing all the user passwords that are authorized to access the system (or the server). The negative counterpart (non-self/anti-password space) represents all strings that are not in the password file, which can possibly be exploited by hackers (using password guessing or cracking tools). While this Anti-Password (Anti-P) space appears to be very large, our technique utilizes a form of implicit clustering to generate a small set of Anti-P detectors to cover this password guessing space. The developed system demonstrated it is hard (if not impossible) to discover any individual password even though Anti-P detectors are being compromised. Moreover, experiments show that these detectors work as a password immunizer, filtering out all illegitimate users (hackers, crackers, etc.) before allowing the legal users to access the positive identification system.

Publication Title

3rd International Conference on Information Warfare and Security

This document is currently not available here.

Share

COinS